The White House Office of Information and Regulatory Affairs is reviewing a proposed rule that would update the cybersecurity protections required under the Health Insurance Portability and Accountability Act, or HIPAA, Federal News Network reported Wednesday.
The Department of Health and Human Services will issue a notice of proposed rulemaking for public comment once OIRA completes its review of the proposed rule on the HIPAA cybersecurity update.
HHS proposed the rule in response to rising cyberattacks targeting electronic protected healthcare information, or ePHI, which HIPAA regulates.
“We’ve seen tremendous increases in the use of ransomware and hacking to obtain unauthorized access to ePHI, and since 2003 there’s been an evolution in technical capabilities of record systems that are used to maintain health information, and there have been changes in the costs of variety of security measures,” Marissa Gordon-Nguyen, senior adviser for health information privacy, data and cybersecurity at the HHS Office of Civil Rights, said at a conference Wednesday.
“The changes we think support updating the security rule to help ensure that it can continue to provide a baseline of security standards to meet current and emerging security risks and threats to ePHI,” she added.
Register here for the Potomac Officers Club’s 2024 Healthcare Summit on Dec. 11. Join this key event to explore the transformative trends and innovations shaping the future of the U.S. healthcare sector.
